#!/bin/sh
set -e
export LC_ALL=C

type=$1
preversion=$2

kernel_compare_versions () {
    verA=$(($(echo "$1" | sed 's/\([0-9]*\)\.\([0-9]*\).*/\1 \* 100 + \2/')))
    verB=$(($(echo "$3" | sed 's/\([0-9]*\)\.\([0-9]*\).*/\1 \* 100 + \2/')))

    test $verA -$2 $verB
}

if [ "$type" != abort-upgrade ]
then
    # Load debconf module if available and usable
    if [ -f /usr/share/debconf/confmodule ] && \
       ( [ "$DEBCONF_USE_CDEBCONF" ] || perl -e "" 2>/dev/null ) ; then
        . /usr/share/debconf/confmodule
        USE_DEBCONF=1
    else
        USE_DEBCONF=
    fi

    # See if LD_LIBRARY_PATH contains the traditional /lib, but not the
    # multiarch path
    dirs=$(echo $LD_LIBRARY_PATH | sed 's/:/ /g')
    for dir in $dirs ; do
        dir=$(readlink -e $dir || true)
        case "$dir" in
        /lib)
            seen_traditional=1
            ;;
        SLIBDIR)
            seen_multiarch=1
            ;;
        esac
    done
    if test -n "$seen_traditional" && test -z "$seen_multiarch" ; then
        echo
        echo "LD_LIBRARY_PATH contains the traditional /lib directory,"
        echo "but not the multiarch directory SLIBDIR."
        echo "It is not safe to upgrade the C library in this situation;"
        echo "please remove the /lib/directory from LD_LIBRARY_PATH and" 
        echo "try again."
        echo
        exit 1
    fi

    # glibc kernel version check
    system=`uname -s`
    if [ "$system" = "Linux" ]
    then
        # sanity checking for the appropriate kernel on each architecture.
        kernel_ver=`uname -r`
        case ${DPKG_MAINTSCRIPT_ARCH} in
            *)
                # The GNU libc requires a >= 3.2 kernel, found in wheezy
                kernel_ver_min=3.2
                kernel_ver_rec=3.2
                ;;
        esac

        if kernel_compare_versions "$kernel_ver" lt $kernel_ver_min
        then
            if [ "$USE_DEBCONF" ]
            then
                db_version 2.0
                db_fset glibc/kernel-too-old seen false
                db_reset glibc/kernel-too-old
                db_subst glibc/kernel-too-old kernel_ver $kernel_ver_rec
                db_input critical glibc/kernel-too-old || true
                db_go
                db_stop
            else
                echo "ERROR: This version of the GNU libc requires kernel version"
                echo "$kernel_ver_rec or later.  Please upgrade your kernel before installing"
                echo "glibc."
                echo
            fi
            exit 1
        fi

        if kernel_compare_versions "$kernel_ver" lt $kernel_ver_rec
        then
            if [ "$USE_DEBCONF" ]
            then
                db_version 2.0
                db_fset glibc/kernel-not-supported seen false
                db_reset glibc/kernel-not-supported
                db_subst glibc/kernel-not-supported kernel_ver $kernel_ver_rec
                db_input critical glibc/kernel-not-supported || true
                db_go
                db_stop
            else
                echo "WARNING: This version of the GNU libc requires kernel version"
                echo "$kernel_ver_rec or later.  Older versions might work but are not officially"
                echo "supported.  Please consider upgrading your kernel."
                echo
            fi
        fi

    elif [ $system = "GNU/kFreeBSD" ]
    then
        kernel_ver=`uname -r`
        kernel_ver_min=8.3
        if kernel_compare_versions "$kernel_ver" lt $kernel_ver_min
        then
            if [ "$USE_DEBCONF" ]
            then
                db_version 2.0
                db_version 2.0
                db_fset glibc/kernel-too-old seen false
                db_reset glibc/kernel-too-old
                db_subst glibc/kernel-too-old kernel_ver $kernel_ver_min
                db_input critical glibc/kernel-too-old || true
                db_go
                db_stop
            else
                echo "ERROR: This version of the GNU libc requires kernel version"
                echo "$kernel_ver_min or later.  Please upgrade your kernel before installing"
                echo "glibc."
                echo
            fi
            exit 1
        fi

    elif [ $system = "GNU" ]
    then
        kernel_ver=`uname -v | cut -d / -f 1 | cut -d ' ' -f 2`
        kernel_ver_git=${kernel_ver#*+git}
        kernel_ver_git=${kernel_ver_git%%-*}
        kernel_ver=${kernel_ver%+git*}
        kernel_ver_min=1.8
        kernel_ver_git_min=20210923
        if kernel_compare_versions "$kernel_ver" lt $kernel_ver_min || \
         ( kernel_compare_versions "$kernel_ver" eq $kernel_ver_min && \
            [ "$kernel_ver_git" -lt $kernel_ver_git_min ] )
        then
            if [ "$USE_DEBCONF" ]
            then
                db_version 2.0
                db_fset glibc/kernel-too-old seen false
                db_reset glibc/kernel-too-old
                db_subst glibc/kernel-too-old kernel_ver $kernel_ver_min+git$kernel_ver_git_min
                db_input critical glibc/kernel-too-old || true
                db_go
                db_stop
            else
                echo "ERROR: This version of the GNU libc requires kernel version"
                echo "$kernel_ver_min+git$kernel_ver_git_min or later."
                echo "Please upgrade your kernel and reboot before installing glibc."
                echo
            fi
            exit 1
        fi
    fi
fi

if [ "$type" = upgrade ]
then
    if [ -n "$preversion" ] && [ -x "$(command -v ischroot)" ] && ! ischroot; then
	# NSS authentication trouble guard
	if dpkg --compare-versions "$preversion" lt GLIBC_VERSION; then
	    if pidof xscreensaver xlockmore >/dev/null; then
		if [ "$USE_DEBCONF" ] ; then
		    db_version 2.0
		    db_reset glibc/disable-screensaver
		    db_input critical glibc/disable-screensaver || true
		    db_go || true
		else
		    echo "xscreensaver and xlockmore must be restarted before upgrading"
		    echo
		    echo "One or more running instances of xscreensaver or xlockmore have been"
		    echo "detected on this system. Because of incompatible library changes, the"
		    echo "upgrade of the GNU C library will leave you unable to authenticate to"
		    echo "these programs. You should arrange for these programs to be restarted"
		    echo "or stopped before continuing this upgrade, to avoid locking your users"
		    echo "out of their current sessions."
		    echo
		    frontend=`echo "$DEBIAN_FRONTEND" | tr '[:upper:]' '[:lower:]'`
		    if [ "$frontend" = noninteractive ]; then
			echo "Non-interactive mode, upgrade glibc forcibly"
		    else
		        echo -n "Press a key to continue"
		        read answer
		    fi
		    echo
		fi
	    fi

	    check="kdm postgresql xdm"
	    # NSS services check:
	    __NSS_CHECK__
	    if [ -n "$services" ]; then 
		if [ "$USE_DEBCONF" ] ; then
	            db_version 2.0
		    db_reset glibc/upgrade
		    db_subst glibc/upgrade services $services
		    db_input critical glibc/upgrade || true
		    db_go || true
		    db_get glibc/upgrade
		    answer=$RET
		else
		    echo "Do you want to upgrade glibc now?"
		    echo
		    echo "Running services and programs that are using NSS need to be restarted,"
		    echo "otherwise they might not be able to do lookup or authentication any more."
		    echo "The installation process is able to restart some services (such as ssh or"
		    echo "telnetd), but other programs cannot be restarted automatically.  One such"
		    echo "program that needs manual stopping and restart after the glibc upgrade by"
		    echo "yourself is xdm - because automatic restart might disconnect your active"
		    echo "X11 sessions."
		    echo
		    echo "This script detected the following installed services which must be"
		    echo "stopped before the upgrade: $services"
		    echo
		    echo "If you want to interrupt the upgrade now and continue later, please"
		    echo "answer No to the question below."
		    echo 
		    frontend=`echo "$DEBIAN_FRONTEND" | tr '[:upper:]' '[:lower:]'`
		    if [ "$frontend" = noninteractive ]; then
			echo "Non-interactive mode, upgrade glibc forcibly"
			answer=true
		    else
		        echo -n "Do you want to upgrade glibc now? [Y/n] "
		        read answer
		        case $answer in
			    Y*|y*) answer=true ;;
			    N*|n*) answer=false ;;
			    *) answer=true ;;
			esac
		    fi
		    echo
		fi

		if [ "x$answer" != "xtrue" ]; then
	            echo "Stopped glibc upgrade.  Please retry the upgrade after you have"
	            echo "checked or stopped services by hand."
	            exit 1
		fi
	    fi

            # As long systemd-logind has not seen any login request since the system has been
            # booted, it has not loaded any NSS module. In that condition if glibc is upgraded
            # (that means with a non session shell or by some automation), the NSS modules are
            # replaced by a new major version which might be incompatible (and definitely are
            # for some versions).
            #
            # The solution implemented for most daemons is to restart them, but unfortunately
            # it is not something supported with systemd-logind (see bug#91950).
            #
            # As a workaround, when detected that the system is using systemd and that the
            # systemd-logind process has not not loaded any NSS module, force systemd-logind to
            # load NSS modules. This is done by disabling lingering on a non-existing user. This
            # has to be done by talking directly to systemd-logind through sd-bus, as loginctl
            # first checks if the user actually exist. The nonexistent uid is chosen as
            # 4294967294, which is reserved by Policy §9.2.2.
            #
            # Note that starting with glibc 2.34, the nss_files is builtin. When glibc >= 2.34
            # ends-up in a stable release, this workaround can therefore be dropped.
            if [ -d /run/systemd/system ]; then
                if ! grep -q -E 'libnss_(compat|db|files)' /proc/$(systemctl show --property MainPID --value systemd-logind.service)/maps ; then
                    echo "Forcing systemd-logind to load NSS modules..."
                    busctl call --system org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager \
                        SetUserLinger ubb 4294967294 false false >/dev/null 2>&1 || true
                fi
            fi

	fi # end upgrading and $preversion lt GLIBC_VERSION
    fi # Upgrading

    # This will keep us from using hwcap libs (optimized) during an
    # upgrade.
    touch "$DPKG_ROOT/etc/ld.so.nohwcap"
fi

#DEBHELPER#

if [ -n "$preversion" ]; then
    if dpkg --compare-versions "$preversion" lt GLIBC_VERSION; then
       # unconditionally wipe ld.so.cache on major version upgrades; this
       # makes those upgrades a bit slower, but is less error-prone than
       # hoping we notice every time the cache format is changed upstream
       rm -f "$DPKG_ROOT/etc/ld.so.cache"
       rm -f "$DPKG_ROOT/var/cache/ldconfig/aux-cache"
    fi
fi

exit 0
